Vibe Coded and Tested with the ESP32 on Android
Target: Bitchat Android Application (All versions as of Jan 2026)
Vulnerability Type: Denial of Service (DoS), Improper Authentication (CWE-287), Uncontrolled Resource Consumption (CWE-400).
This software is for educational and security research purposes only. The author takes no responsibility for any damage caused by the use or misuse of this tool. Use this code only on devices you own or have explicit permission to test.
This Proof-of-Concept (PoC) demonstrates a vulnerability in the Bitchat Bluetooth Mesh protocol handling: the application neither rate-limits incoming connections nor checks the sender's identity against a trusted list before allocating system resources to the peer.
This tool runs on an ESP32 microcontroller. It generates a random, valid Ed25519 identity and floods the target device with signed Type 1 (Announce) packets.
Impact:
- Resource Exhaustion: Rapidly drains the victim's battery.
- UI Flooding: Renders the "Connected Devices" list unusable by populating it with hundreds of "Unknown" ghost peers.
- Authentication Bypass: Proves that the app accepts signatures from arbitrary/untrusted keys.
Requirements:
- ESP32 Development Board (ESP-WROOM-32 or similar).
- Android Device running Bitchat (Target).
Steps:
- Install Arduino IDE.
- Install the ESP32 Board Manager in Arduino IDE.
- Install the Crypto library by Rhys Weatherley (via Library Manager).
- Open Bitchat_DoS_PoC.ino and upload it to your ESP32.
- Power on the ESP32 near the target Android phone.
- Enable Bluetooth on the Android phone and open Bitchat.
- Open the Serial Monitor (115200 baud) on Arduino IDE to view injection logs.
- Observation: The "Connected Devices" list on the Android app will toggle rapidly, and logs (if verbose) will show a flood of connections.
The vendor should implement:
- Rate Limiting: Block peers attempting excessive connections per minute.
- Trust-on-First-Use (TOFU): Do not process or display peers that are not in the contact list or that have not completed a challenge-response handshake.
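As a defensive illustration of the two mitigations above (an added example, not Bitchat's code; the Android app is Kotlin, this is a standalone Python model with constructed keys and arbitrary limits), an admission gate that rate-limits Announce packets per sender key, caps how many untrusted keys are tracked per window, and only exposes contact-list or handshaked peers to the UI:

```python
from collections import deque


class AnnounceGate:
    """Admission control for Type 1 (Announce) packets.

    Hypothetical limits: per_peer_limit announces per key per window, and at most
    new_peer_limit distinct untrusted keys tracked per window, so a flood of random
    identities cannot grow memory without bound. Untrusted peers are queued for a
    challenge-response handshake and never shown in the peer list.
    """

    def __init__(self, contacts=(), per_peer_limit=5, new_peer_limit=20, window_s=60.0):
        self.contacts = set(contacts)      # trusted public keys (contact list)
        self.handshaked = set()            # peers that completed challenge-response
        self.per_peer_limit = per_peer_limit
        self.new_peer_limit = new_peer_limit
        self.window_s = window_s
        self._hits = {}                    # sender key -> deque of announce timestamps
        self._unknown = {}                 # untrusted key -> time first admitted

    def _prune(self, dq, now):
        while dq and now - dq[0] > self.window_s:
            dq.popleft()

    def admit(self, sender_key, now):
        """Return 'display', 'queue' or 'drop' for an announce from sender_key at time now."""
        trusted = sender_key in self.contacts or sender_key in self.handshaked
        if not trusted and sender_key not in self._unknown:
            # Evict stale untrusted keys, then enforce the global cap before
            # allocating any per-key state for a brand-new identity.
            for key, first_seen in list(self._unknown.items()):
                if now - first_seen > self.window_s:
                    del self._unknown[key]
                    self._hits.pop(key, None)
            if len(self._unknown) >= self.new_peer_limit:
                return "drop"
            self._unknown[sender_key] = now
        dq = self._hits.setdefault(sender_key, deque())
        self._prune(dq, now)
        if len(dq) >= self.per_peer_limit:
            return "drop"                  # this key is flooding: discard early
        dq.append(now)
        return "display" if trusted else "queue"


if __name__ == "__main__":
    gate = AnnounceGate(contacts={"contact-key"})
    # Constructed flood: 300 announces from one unknown key in 60 seconds.
    verdicts = [gate.admit("unknown-key", i * 0.2) for i in range(300)]
    print({v: verdicts.count(v) for v in ("display", "queue", "drop")})
```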